Missing intermediate certificate in MSG

This discussion has a more recent version.


Recipients of encrypted mails are receiving warnings about untrusted pages and/or certificates when attempting to view messages.
Looking up the MSG address using an SSL checker gives the following type of reply:
"The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate."


The result from the SSL checker points to a missing intermediate certificate. This can be acquired from the Certificate Authority (CA) and added to the MSG server certificate using the instructions below:

  1. Download the required intermediate certificate in PEM-format from your Certificate Authority
  2. Download the MSG server-certificate in PEM-format from the appliance web UI: System -> Certificates -> Certificates, use the Download...-button to the right of the certificate
  3. Open the PEM-file downloaded from the MSG-appliance in your text editor of choice
  4. To the end of this file, add the content of the intermediate certificate PEM-file and save it as a new PEM-file
  5. Import the new certificate file into the MSG-appliance: System -> Certificates -> Certificates, use the Import-button above the certificate list
  6. Take the new combined certificate in use by distributing it to the master and agent(s): System -> Certificates -> Services

Article no: 000013333